#!/bin/bash

# 临时禁用IPv4安全ICMP重定向
echo 0 > /proc/sys/net/ipv4/conf/all/secure_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/secure_redirects

# 永久禁用IPv4安全ICMP重定向
if grep -q "^net.ipv4.conf.all.secure_redirects" /etc/sysctl.conf; then
    sed -i 's/^net.ipv4.conf.all.secure_redirects.*/net.ipv4.conf.all.secure_redirects=0/' /etc/sysctl.conf
else
    echo "net.ipv4.conf.all.secure_redirects=0" >> /etc/sysctl.conf
fi

if grep -q "^net.ipv4.conf.default.secure_redirects" /etc/sysctl.conf; then
    sed -i 's/^net.ipv4.conf.default.secure_redirects.*/net.ipv4.conf.default.secure_redirects=0/' /etc/sysctl.conf
else
    echo "net.ipv4.conf.default.secure_redirects=0" >> /etc/sysctl.conf
fi

# 应用配置
sysctl -p >/dev/null 2>&1

echo "安全ICMP重定向禁用配置完成"